When fall rolls around this year you may want to be in Atlanta, GA for Microsoft's Ignite 2016, where cybersecurity will be front and center. The 2015 conference sold-out early, so if you haven't secured your conference passes yet you may be out of luck. This is especially important if you rely on Microsoft Office 365.
At the Microsoft Ignite conference, more than 90 percent of the presentations will touch on Microsoft Office 365 and more than 100 of the 528 sessions will cover cybersecurity. The format for Microsoft Ignite includes a few different types of sessions. These range from 75-minute sessions with 413 seats; to the shorter 45-minute session (86 of these are scheduled) and then a smaller number of partner-led sessions.
Why the focus on security?
Given the global instances of Microsoft Office 365, it should come as no surprise that cybercriminals and nation states are investing their own resources in determining exploits which will undermine the security implementation of the individual user as well as the organization. Truly, who hasn't been exposed or known an entity that has been affected by the Advanced Persistent Threats (APTs) unraveling in enterprise security networks in recent years? All need to be up-to-speed on is targeted threat protection. You are a target, or put more succinctly, you are a potential target. Furthermore, you have no say in whether you are deemed a viable target and are now within the adversary's bulls-eye. You do, however, control whether you will be a hard or soft target. There are seven presentations which touch on addressing APT, this content will help on the hardening side of the equation.
Phishing, Spoofing, and Whaling are everyday occurrences and regularly populate our email inboxes. The opportunity to learn how to configure your Microsoft exchange or Microsoft Office 365 instances are key for anyone involved in securing email configurations. In addition, security awareness for you the cybersecurity professional and for the employee who simply wants to do their job and do it securely are additional areas of high interest.
Over 110 of the Microsoft Ignite sessions have a cybersecurity awareness component. As we all know, an educated workforce is not only an empowered workforce but increase the odds that the correct decision is made when faced with a choice which may contain a threat. Be it, clicking on the spurious link, to opening a dubious attachment which may contain macro malware. The Mimecast paper, "Office File Macro Threats Delivered by Email" provides specific guidance on how to mitigate the threat of the macro malware contained in an email attachment.
One cannot over emphasize the role of the educated employee. As drawn from the Mimecast paper, all employers must ensure their employees "...understand the risks presented to their inboxes, and how to handle unexpected email and attachments… Ensure they understand the hacker's tactics and how to recognize simple social engineering attacks."
Mimecast, a Microsoft Partner, will be present at Microsoft Ignite 2016. Mimecast’s J.Peter Bruzzese, a cybersecurity thought leader will present 'Take a new look at cybersecurity and resiliency - ground to the cloud.' He is well known for his articulation on risk mitigation within the Microsoft Office 365 environment.
Episode 2: Lunch Event at the Palms - Nashville, TN
Q: J. Peter, where are you?
A: Greetings! J .Peter here and this week I’m in Nashville Tennessee. When I think of Nashville I think of country music and the Grand Ole Opry. The Grand Ole Opry was founded nearly 100 years ago in 1925 and is a weekly country music stage concert that has hosted all the greats over the years. Did you know it’s the longest-running radio broadcast in US history? It’s also a hotspot for Pokemon Go players. I caught several new ones right in front of the place. But I digress.
Nashville also makes me think of the movie “The Thing Called Love”. A 1993 film about four young song writers trying to get their music noticed. Starred River Phoenix, Samantha Mathis, a young Sandra Bullock and a young Dermot Mulroney.
Q: Why are you there?
A: I’m here in Nashville TN to Keynote a lunch event sponsored by Mimecast. It’s held at the Palm Restaurant in downtown Nashville. I’ve done events at Palm’s before in Orlando, Chicago, Colorado, Atlanta, Las Vegas, and Philly and I’m a huge fan of this location as a venue. Should have about 25 in the audience and I’m looking forward to having a lively discussion about Office 365.
Q: What are you there for?
A: I’m going to discuss with the audience a comparison between the big switch that occurred by in the day with a move to electricity being generated as a utility as opposed to it being generated on-premises and our day, where we are moving from on-prem to the cloud. This comparison was brought to my attention by Nicholas Carr in his book “The Big Switch” and I like to tell the story for the audience. By the end of the discussion we hone in on Office 365 rhetoric vs. reality and I point out several areas where there is a need for enhancements in areas like Security, Compliance and Archiving, and increased availability or continuity. At the end of the event, I answered questions from the audience and then give everyone a copy of the book “Conversational Office 365 Risk Mitigation” sponsored by Mimecast.
One question that came up was “how is Microsoft’s archive solution different from a third-party?” I explained that Microsoft doesn’t have a traditional archive solution which goes beyond eDiscovery and offers user interactivity (aka a read-only archive), nor does it allow for data agility or portability as a separate data bank solution. Rather, it’s simply legal hold on all mailboxes, which does provide for eDiscovery but does not reflect the modern advancements we’ve come to expect from an enterprise-grade archive solution. It was a good question I thought.
Q: Last question, right now Ransomware is a big topic in the news, can you tell me what you’ve heard recently on it?
A: Another question involved how Office 365 handles advanced threats like ransomware. Well… if you have an E5 plan or pay extra for their advanced threat protection, it includes a sandboxing solution that can help against attachments that might include a ransomware attack. Recently a macro-enabled Word document ransomware attack attracted a lot of attention in the news because it made it through Office 365 defenses until they eventually caught it and updated their security solution to spot it. Typically that happens from time to time. Something gets through initially until it’s discovered and blocked. It’s one of the reasons I preach defense in depth. If one solution doesn’t have the fix than the other one might. I also like having solutions that offer different features. For example, Mimecast does sandbox too but first it does document conversion. So a file that comes in with ransomware in a weaponized attachment would have been rendered ineffective due to the document conversion process. That’s something Microsoft simply doesn’t have. So by layering your security approach you have a much better chance of protecting your organization from the modern threats that come our way, whether ransomware, impersonation attacks, spear phishing, whaling and so on.
Hey, I hope you’ve enjoyed following me to Nashville Tennessee
Where am I going next? The ITLA Conference in Washington DC!!!
August 17, 2016
I am in the middle of my second week here at Mimecast and am excited to focus on all things security. The timing of my arrival is good as we just released important new data around malicious insiders. Here’s my take on the topic …
There’s nothing worse than being hit with a surprise attack from behind – especially by a previously trusted person. In the military, surprise rearguard actions can be very effective for the attacker and very debilitating for the defender. In a sense, cyberattacks from malicious insiders are a form of a digital rearguard action.
Today, most IT security defenses are set up to defend against external attackers, be they cybercriminals in search of money, nation states pursuing strategic advantage, or hacktivists with a politically driven agenda. And, this allocation of resources does make some sense, as most attacks do come from outside the organization – but not all. Attacks also do come from the inside. And, these attacks, when originated by trusted insiders, have proven to be extremely damaging.
In one recent example, this past July a Citibank IT engineer was sentenced to 21 months in prison for using his administrative access to wipe out nine of the company’s network routers, bringing down 90% of Citibank’s network. In Mimecast’s new survey 45% of respondents picked “Malicious Insider Attack” as their number-one perceived security vulnerability. Clearly, this is an area deserving greater focus.
Your security program needs to be based in reality. You need to honestly assess both the trustworthiness of your insiders, the amount of damage they could reasonably do if they had both the motivation and opportunity, and how much security controls can be applied given the culture and practices of the organization. Reasonable controls for malicious insiders need to be put in place to reduce the business risk to an acceptable level.
Most security programs don’t sufficiently factor in controls for the malicious insider. This is unfortunate as there are some basic ones which are cost-effective and also helpful when it comes to protecting against malicious insiders and even those who are non-malicious insiders, as well as external attackers.
Here are four tips to help reduce the risk of a malicious insider attack:
- Use role-based access management, in particular on critical systems and for highly privileged users, such as IT administrators. This approach limits the ability of malicious actors to do damage.
- Don’t make it easy for the malicious insider to steal your data. Monitor and block the movement of sensitive data outside the organization via email, ftp, and via the web.
- Train employees – regularly. The more eyes you have on this area of risk the better. Help your team understand that “if they see something, say something.”
- Update your incident response plan to include how to guard against and respond to malicious activities by insiders. This will definitely need to involve more than just your IT and Security departments – include HR, legal and PR.
August 10, 2016This past week Mimecast had the pleasure of attending the Black Hat Event in Las Vegas, NV. The atmosphere was energetic and our booth, although small, was mightier than any other booth on the floor. The Mimecast team varied members from marketing to sales and soared through engaging everyone at the event. With a “#MimecastBHAT giveaway” grouping to dazzle the masses, we gave away a Mini-Segway and some fabulous Bose ™ headsets.
Below is a small recap of what happened, so you can feel like you were able to attend. Let us be the eyes and ears for an event that truly thrilled the masses.
Arriving in Las Vegas, NV around 5:30pm, the Mimecast team was just in time to make it to a great party that was at Red Square in the Mandalay Bay Resort and Casino. It was here where we announced some big news with PhishMe, take a look here.
Lights, camera, action! What a moment, our very own Cyber Security Strategist, Bob Adams, was able to kill it in his interview with Dark Reading, click play to watch the full interview below.
Full house, no problem. Bob Adams, yet again, drove the Mimecast message to the audience on how important understanding email attacks are. “Ransomware is occurring more and more and we need to do something to stop it, educating others is the first step,” said Bob. Stay tuned, as we will update shortly with his impactful presentation.
Back in the booth: Mimecast shares the love on the tradeshow floor. Interested in seeing all of the people who entered our #MimecastBHAT contest, click here. We gave away Bose headsets and a grand prize of a Mini-Segway!!!
Who doesn’t like working on solving problems with clients? At the event, we got to see so many customers and meet many new prospects. Thank you to everyone who stopped by booth 1366. We really loved getting to know you just a little bit better.
Time to announce the winners of Day Two of the Selfie contest, we had some great entries, but in the end, these three took home some great swag.
After an amazing few days, a few cold beers and lots of entries it came down to the top “Selfie” taken and it went to @SecuritySean. Congrats to all who entered. And get ready for our next event. We will see you all at Microsoft Ignite next month.